PAM-Modules
A Collection of Modules for PAM
Sergey Poznyakoff
The ldappubkey utility is a simple Perl program which takes a user login name as its argument and produces on the standard output the public ssh keys for that user, each on a separate line. The program is designed for use with openssh version 6.2p1 or higher.
It is distributed in the examples subdirectory and is not installed by default. The only prerequisite for its use is the Net::LDAP module. See Use of pam_ldaphome with openssh version 6.2p1, for instructions on its use.
The utility looks for its configuration in the following files: /etc/ldap.conf, /etc/ldap/ldap.conf and /etc/openldap/ldap.conf. These files are tried in this order, and the first one that exists is read.
The following configuration statements are used (all keywords are case-insensitive):
Specifies the URI of the LDAP server (or servers) to connect to. The default is ‘ldap://127.0.0.1’.
Specifies the default base DN to use when performing LDAP operations. The base must be specified as a Distinguished Name in LDAP format.
Specifies the default DN to bind as.
Specifies the password to use with binddn.
Defines the name of the attribute to use instead of uid. The LDAP record is searched using the following filter:
(&(objectClass=posixAccount)(attr=login))
List of attributes that hold the public keys. Default is ‘grayPublicKey’ (see ldap-schema).
LDAP filter used to retrieve the objects that contain public keys. The filter string can contain the following variables:
The value of the ‘uid’ setting (see above).
First command line argument.
Full hostname of the machine.
The default value is:
(&(objectClass=posixAccount)($uid=$arg))
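The variable substitution described above, sketched in Python as an added example; it is not code from ldappubkey or from the PAM-Modules distribution, and the function names are hypothetical. It handles only the $uid and $arg variables that appear in the default filter, and it assumes the command line argument is escaped according to RFC 4515 before substitution, which this page does not state about the utility itself.

```python
import re

# Default filter as given in the documentation above.
DEFAULT_FILTER = "(&(objectClass=posixAccount)($uid=$arg))"

# RFC 4515: these characters are written as \XX inside an assertion value.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_value(value):
    """Return value escaped so an LDAP server matches it literally."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def expand_filter(template, uid_attr, arg):
    """Substitute $uid and $arg in a filter template (hypothetical helper).

    uid_attr is administrator-supplied configuration, so it is only checked
    to look like an attribute name. arg is the login name from the command
    line, so it is escaped before it is placed in the filter.
    """
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", uid_attr):
        raise ValueError("not an attribute name: %r" % uid_attr)
    values = {"uid": uid_attr, "arg": escape_value(arg)}
    # Variables that are not in the table are left exactly as written.
    return re.sub(r"\$(\w+)",
                  lambda m: values.get(m.group(1), m.group(0)), template)


if __name__ == "__main__":
    # Constructed login names: an ordinary one and two containing filter syntax.
    for login in ("alice", "*", "a(b)*"):
        print("%-10r -> %s" % (login, expand_filter(DEFAULT_FILTER, "uid", login)))
```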
This document was generated on August 11, 2021 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.